|Description||PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
|References||DLA-2962-1, DLA-3194-1, DLA-3549-1, DSA-5285-1|
Vulnerable and fixed packages
The table below lists information on source packages.
|bullseye (security), bullseye||1:16.28.0~dfsg-0+deb11u3||fixed|
The information below is based on the following data on fixed versions.
[stretch] - asterisk <not-affected> (Vulnerable code not present)